Article Details
Scrape Timestamp (UTC): 2024-02-26 15:05:52.140
Original Article Text
Cybersecurity Training Not Sticking? How to Fix Risky Password Habits

Organizations recognize the cybersecurity risks posed by their end-users, so they invest in security and awareness training programs to help improve security and mitigate risks. However, cybersecurity training has its limitations, especially when it comes to changing end-users' behavior around passwords.

Despite being educated on best practices, end-users prioritize convenience and efficiency over security. They’re not setting out to cause risk – they simply want to get their work done quickly without the hassle of remembering multiple complex passwords. There's a prevailing attitude of "it won't be me" when it comes to cybersecurity breaches.

While security training can help create a culture of cybersecurity awareness, it can't be relied upon to consistently change behavior. We’ll walk through the limitations of training and suggest five ways you can bolster it with technology to enforce stronger password security.

Where training falls short

According to LastPass research, 79% of people who received cybersecurity training found it helpful. However, only 31% of those individuals reported that they had stopped reusing passwords. This indicates that while training may provide valuable knowledge, it does not always translate into immediate behavioral changes. It’s either not sticking, or end users are disregarding what they’ve learned in favor of speed and convenience.

This behavior is often driven by wanting to minimize the hassle of remembering multiple complex passwords. It’s understandable. After the explosion in SaaS adoption, an average organization uses over 130 SaaS applications and the average employee must manage around 100 passwords.

Even with the best intentions, employees may still forget or neglect to follow password security guidelines. Time constraints, forgetfulness, and the lack of personalized guidance can all hinder the effectiveness of training programs.

Taken together, this means that while cybersecurity training is valuable in building awareness and knowledge about password security, it has limitations in changing risky user behavior like password reuse.

Why is password reuse so problematic?

Bitwarden research found that 84% of internet users admit to reusing passwords, which should set alarm bells ringing for IT teams. When individuals reuse work passwords on personal websites and applications, a breach outside of your organization could provide an easy pathway for attackers to infiltrate your workplace. This undermines your organization's efforts to protect sensitive data and systems, as you can be compromised by a weak outside link.

Consider a scenario where attackers get their hands on a database of passwords from an external website or SaaS application with weak security. The passwords might be hashed, but attackers have time to try to crack them, then figure out who people are and where they work. If victims have been reusing their work passwords, this could give attackers an easy route into their organization.

Password reuse is a particularly difficult problem for organizations to solve through training, as they’re trying to influence outside-of-work behaviors. It’s an issue that requires help from technology.

Six ways to support training with the right technology

By combining training efforts with technology, organizations can create a more robust defense against risky password behavior. Here are six ways we’d recommend you augment your cybersecurity training efforts.

Reinforce training with powerful password security

Specops Password Policy with Breached Password Protection blocks weak passwords from being created and continuously scans your Active Directory passwords against a database of over four billion known compromised passwords. This offers a valuable safety net against risky password behavior and against your end-users’ Active Directory passwords being breached.

Your end-users’ experience is also considered through customizable notifications and dynamic feedback during the password change process that guides them towards creating strong, memorable passwords. By improving the user experience, organizations reinforce their security awareness efforts and encourage users to adopt better password practices, reducing the likelihood of password reuse.

Find out how Specops Password Policy could fit in with your organization.

Sponsored and written by Specops Software.
Daily Brief Summary
Despite cybersecurity training, end-users often prioritize convenience, leading to risky password practices such as password reuse.
Even with awareness of best practices, training alone does not consistently change behavior due to a focus on efficiency and a mindset that breaches won't personally affect them.
Research from LastPass reveals that 79% of trained individuals find the training helpful, yet only 31% cease reusing passwords, demonstrating the gap between knowledge and action.
The common practice of password reuse is a significant problem revealed by Bitwarden's finding that 84% of users reuse passwords, risking organizational security through potential external breaches.
Organizations are encouraged to complement cybersecurity training with technological solutions, such as enforced strong password policies and continuous scanning against databases of compromised passwords.
Specops Password Policy is one such technology that prevents weak passwords and provides real-time feedback, thereby enhancing password security and supporting better user behavior.